Moscow, the Russian Federation
Effective Date: 01.07.2017
The personal data processing policy (hereinafter: the “Policy”) is developed in accordance with Federal Law “On Personal Data” No. 152-FZ dated 27 July 2006 (hereinafter: “FZ - 152”).
This Policy establishes the procedure for personal data processing and measures to ensure security of the personal data to be applied at ANYWAYANYDAY HOLDING LIMITED, BVI Company No.: 1726035, Vanterpool Plaza, 2-nd floor, Wickhams Cay, I, Road Town, Tortola, the British Virgin Islands, (hereinafter: the “Operator”) in order to protect rights and liberties of an individual and a citizen while processing the personal data thereof, inter alia, a right to privacy, personal and family secrets.
The following basic terms and definitions are used in this Policy:
automated processing of personal data means the personal data processing using computer technology;
blocking of personal data means temporary interruption of the personal data processing (except where the processing is necessary to adjust the personal data);
information system of personal data means a combination of the personal data included into personal data databases and information technologies and hardware used to procure processing thereof;
anonymization of personal data means actions making it impossible to identify the personal data as related to a certain personal data subject without any additional information;
personal data processing means any action (operation) or a series of actions (operations) performed with the personal data, with or without automation facilities, including collection, recording, systematization, accumulation, storage, adjustment (updating, alteration), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion and destruction of the personal data;
operator means a state authority, municipal authority, legal or private person which (alone or jointly with other persons) organizes and (or) performs the personal data processing and defines purposes of the personal data processing, content of the personal data to be processed, and actions (operations) to be made with the personal data;
personal data means any information related (directly or indirectly) to an identified or identifiable individual (the personal data subject);
provision of personal data means actions aimed to disclose the personal data to a certain person or certain group of persons;
distribution of personal data means actions aimed to disclose the personal data to the public (personal data transfer) or to familiarize the general public with such data including disclosure of the personal data in mass media, posting thereof in information and telecommunication networks or granting access to the personal data in any other way;
trans-border transfer of personal data means the personal data transfer to a foreign country, foreign government authority, foreign individual or foreign legal person;
destruction of personal data means actions making it impossible to restore the personal data content in the information system of personal data and (or) resulting in destruction of tangible carriers of the personal data.
The Operator shall be obliged to publish or otherwise provide unrestricted access to this Personal Data Processing Policy in accordance with para 2 of Article 18.1 of FZ-152.
The Operator shall process the personal data based on to the following principles:
The Operator shall process the personal data where at least one of the following terms is met:
The Operator and other persons who have obtained an access to the personal data shall not disclose the personal data to any third parties or distribute the personal data without the personal data subject’s consent unless otherwise provided for by a federal law.
For the purposes of information support, the Operator may create publicly available sources of personal data of the personal data subjects including directories and address books. The publicly available sources of personal data, with the written consent of the personal data subject, may include the subject's surname, first name, patronymic, date and place of birth, title, contact phones, email address and any other personal data provided by the personal data subject.
The information on the personal data subject shall be removed, at any time, from the publicly available sources of personal data whenever this is requested by the personal data subject, a body authorized to protect the personal data subjects’ rights or required by a court order.
The Operator may process special categories of personal data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, state of health, intimate life where:
The processing of special categories of personal data which has been performed in cases provided for by item 4 of Article 10 of FZ-152 shall be immediately terminated where the processing reasons have been eliminated unless otherwise prescribed by a federal law.
The Operator may process personal data regarding criminal convictions only in cases and according to procedures set forth by federal laws.
The Operator may process details which characterize physiological and biological features of a person based on which he/she may be identified (biometric personal data) only with the written consent of the personal data subject.
The Operator may authorize and instruct any other person to process the personal data with the personal data subject’s consent unless otherwise prescribed by a federal law, based on an agreement to be entered into with this person. A person processing the personal data upon the Operator’s instruction shall observe the principles and rules of the personal data processing set forth by FZ-152 and this Policy.
Pursuant to Article 2 of Federal Law No. 242-FZ “On amendments to certain legislative acts of the Russian Federation related to adjustment of the procedure for personal data processing in information and telecommunication networks» dated 21 July 2014, when collecting personal data, inter alia, when using the information and telecommunication network Internet, the operator shall ensure recording, systematization, accumulation, storage, adjustment (updating, alteration), extraction of the personal data of the Russian Federation citizens using databases located within the Russian Federation except as follows:
The Operator shall make sure that any foreign state where the personal data are to be transferred ensures adequate protection of the personal data subjects’ rights before commencing such transfer.
The trans-border transfer of personal data to foreign states which do not ensure adequate protection of the personal data subjects’ rights may be carried out in the following cases:
The personal data subject shall, freely, willingly and in his/her own interest, make a decision to provide his/her personal data and give his/her consent to processing thereof. The consent to personal data processing may be given by the personal data subject or his/her representative in any form which makes it possible to confirm receipt thereof unless otherwise prescribed by a federal law.
The personal data subject shall be entitled to obtain from the Operator information relating to processing of his/her personal data if such right is not limited under federal laws. The personal data subject may require the Operator to adjust his/her personal data, to block or destroy them where such personal data are incomplete, outdated, inaccurate, illegally obtained or inessential for the declared purpose of processing, and also to take statutory actions to protect his/her rights.
The personal data processing for marketing goods, works, services by making direct contacts with the personal data subject (a potential consumer) using communication means and for political agitation shall be permitted only subject to a prior consent of the personal data subject.
The Operator shall, upon request by the personal data subject, immediately terminate processing of his/her personal data for the above-mentioned purposes.
It shall be prohibited to make decisions which cause legal consequences for the personal data subject or otherwise affect his/her rights and legitimate interests only based on the automated processing of personal data except for cases contemplated by federal laws or subject to a written consent of the personal data subject.
Where the personal data subject believes that the Operator violates the requirements set forth in FZ-152 in processing his/her personal data or otherwise infringes his/her rights and liberties, the personal data subject may appeal against actions or omissions of the Operator to a body authorized to protect the personal data subjects’ rights or through legal action.
The personal data subject shall have the right to protect his/her rights and legitimate interests including the right to indemnity for losses and/or compensation for moral injury.
When processing the personal data, the Operator shall ensure security of the personal data by taking legal, organizational and technical measures necessary to observe federal laws concerning personal data security.
The Operator shall take the following organizational and technical measures to prevent unauthorized access to the personal data:
Any other rights and obligations of the Operator connected with the personal data processing shall be established by the legislation of the Russian Federation concerning personal data.
The Operator’s employees who violate the personal data processing rules and security thereof shall bear financial, disciplinary, administrative, civil or criminal liability under federal laws.
This document is made in Russian. The translation hereof in any other language shall be additional and placed for convenience of the User only. Should any discrepancies between the Russian version and translations hereof arise, the Russian version shall prevail.